[Sks-devel] Re: details to configure SKS https web interface
From: Gab
Subject: [Sks-devel] Re: details to configure SKS https web interface
Date: Sun, 15 Mar 2009 16:23:41 +0100
User-agent: Mozilla-Thunderbird 2.0.0.19 (X11/20090103)
Daniel Kahn Gillmor wrote:
> On 03/07/2009 03:03 PM, Joseph Oreste Bruni wrote:
>> On Mar 7, 2009, at 8:11 AM, Gab wrote:
>>> I wish to in https ssl the sks web interface.
>>> What are the directives for cert.pem and key.pem and to enable ssl?
>> I don't believe that the built-in web server supports SSL. However, you
>> could front-end SKS with Apache configured as a proxy.
>
> We're currently doing this on zimmermann with nginx providing the
> front-layer proxy (still using X.509-certified TLS, unfortunately). The
> configuration snippet looks like this:
>
>> server {
>>     listen 443;
>>     listen 11372;
>>     server_name zimmermann.mayfirst.org;
>>     ssl on;
>>     ssl_certificate /etc/ssl/certs/zimmermann.mayfirst.org-cert.pem;
>>     ssl_certificate_key /etc/ssl/private/zimmermann.mayfirst.org-key.pem;
>>     access_log off;
>>
>>     location / {
>>         proxy_pass http://localhost:11371/;
>>     }
>> }
>
> We chose to listen on port 443 so people could browse to it with
> https://zimmermann.mayfirst.org/ (the X.509 certificate offered here is
> signed by a private certificate authority [0], which i have also
> signed, if you care to certify it)
>
> We also are listening on port 11372 because this seems to be the choice
> of gnupg maintainers for hkp-over-tls (hkps?), according to this recent
> (as yet unreleased) patch to gpg:
>
> http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c?root=GnuPG&rev=4924&r1=4878&r2=4924
>
> hope this is useful, and i'm happy to explain more details if folks are
> interested.
>
> --dkg
>
> [0] https://support.mayfirst.org/wiki/mfpl_certificate_authority
>
>
What would be the procedure for apache2?
Gab
--
sec 1024D/BC4F9423 2008-12-05
Key fingerprint = 36C6 E257 2801 46E7 69A7 8721 F502 1342 BC4F 9423
uid Gabriele XXX (Mail Account Autistici)
<address@hidden>
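
An Apache 2 counterpart to the nginx snippet quoted above, as an added example that is not part of any message in this thread. It assumes mod_ssl, mod_proxy and mod_proxy_http are enabled; the hostname and certificate paths are placeholders.

```apache
# Added example, not from the thread: TLS-terminating reverse proxy in front of
# the SKS built-in HTTP server, mirroring the quoted nginx configuration.
# Assumes mod_ssl, mod_proxy and mod_proxy_http are loaded
# (on Debian-style installs: a2enmod ssl proxy proxy_http).

# On Debian-style installs "Listen 443" may already be present in ports.conf;
# do not declare it twice.
Listen 443
# Same second port as the quoted nginx snippet (hkp-over-tls).
Listen 11372

<VirtualHost *:443 *:11372>
    # Placeholder hostname; must match the name in the certificate.
    ServerName keyserver.example.org

    SSLEngine on
    # Placeholder paths; the key file should be readable by root only.
    SSLCertificateFile    /etc/ssl/certs/keyserver.example.org-cert.pem
    SSLCertificateKeyFile /etc/ssl/private/keyserver.example.org-key.pem

    # Counterpart of "access_log off" in the nginx snippet.
    CustomLog /dev/null common

    # Reverse proxy only: never let this vhost act as an open forward proxy.
    ProxyRequests Off

    # Hand every request to SKS listening in plaintext on loopback.
    ProxyPass        / http://localhost:11371/
    ProxyPassReverse / http://localhost:11371/
</VirtualHost>
```

`apachectl configtest` checks the syntax before a reload.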